Learn about X security

xhost +

On a machine with improperly configured X software, malicious remote users can do anything they like to the display. This includes taking a snapshot of the screen or grabbing all keystrokes on the keyboard.

Nature of the problem

X, when run with access control disabled (e.g., in “xhost +” mode), will give access to its X event queues to anyone who requests it. Since X events include keystrokes, window resizing and (re)drawing, mouse movements, etc. (essentially any user interaction), it is trivial to do things like take screen snapshots, move or resize windows, grab keystrokes, etc. We have positive evidence from other universities that keystrokes are being captured.

Exceed and X-Win32’s default permissions are wide open, and other X servers are fairly easy to configure that way. Since Windows is rather different from UNIX with respect to X, it is likely that many users don’t realize the danger an open X server poses.

Securing your machine

We recommend using PuTTY with X11 Forwarding enabled to connect to the remote system, then starting X-Win32 in local-only mode (accepting X connections only from localhost, which is all SSH X11 forwarding needs).
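As an added illustration (not part of the original advisory, and not a tool from any X server vendor), the following POSIX shell helper checks a session for the two conditions discussed above: whether `xhost` reports access control disabled (the “xhost +” state) and whether `DISPLAY` points at a raw X-over-TCP host rather than the local-only display that SSH X11 forwarding provides. The sample `xhost` output strings are constructed from what `xhost` prints on a typical system.

```shell
#!/bin/sh
# Added audit helper: classifies an X session against the advice above.

# x_access_state <xhost output>
# "open"       - access control disabled (the "xhost +" state)
# "restricted" - access control enabled
# "unknown"    - output not recognised
x_access_state() {
  case "$1" in
    *"access control disabled"*) echo open ;;
    *"access control enabled"*)  echo restricted ;;
    *) echo unknown ;;
  esac
}

# display_kind <DISPLAY value>
# "local" - unix socket (":0") or loopback host, as SSH X11 forwarding sets
# "tcp"   - a host name, i.e. the X server is being reached over the network
# "unset" - DISPLAY is empty
display_kind() {
  case "$1" in
    "") echo unset ;;
    :*) echo local ;;
    "localhost:"*|"127.0.0.1:"*|"[::1]:"*) echo local ;;
    *) echo tcp ;;
  esac
}

# audit_x_session <xhost output> <DISPLAY value>
# Returns 0 when the session matches the recommended setup (access control
# on, local-only display); otherwise prints the reasons and returns 1.
audit_x_session() {
  rc=0
  if [ "$(x_access_state "$1")" = open ]; then
    echo "WARNING: X access control is disabled; run 'xhost -' to re-enable it"
    rc=1
  fi
  if [ "$(display_kind "$2")" = tcp ]; then
    echo "WARNING: DISPLAY=$2 is raw X over TCP; use SSH with X11 forwarding instead"
    rc=1
  fi
  return $rc
}

# Constructed samples of what 'xhost' prints in each state:
OPEN_SAMPLE="access control disabled, clients can connect from any host"
SAFE_SAMPLE="access control enabled, only authorized clients can connect"

# Stand-alone use on a live session:
# audit_x_session "$(xhost 2>/dev/null)" "$DISPLAY" && echo "X session is local-only"
```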